[PVE-User] about pve-firewall pending changes
lyt_yudi
lyt_yudi at icloud.com
Fri Aug 1 17:20:13 CEST 2014
On Aug 1, 2014, at 7:42 PM, Alexandre DERUMIER <aderumier at odiso.com> wrote:
> That means that proxmox tries to apply rules, but it doesn't work.
>
> (maybe it's a bug in generated rules from proxmox).
>
> Any logs in /var/log/daemon.log?
>
>
> Can you provide your VMs, cluster and host firewall config?

Yes, the daemon.log is linked here:
http://mirrors.myccdn.info/images/daemon.log
It’s a cluster of host1 and host2,
host1 -
# cat host.fw
[OPTIONS]
log_level_in: nolog
nf_conntrack_max: 663500
nf_conntrack_tcp_timeout_established: 7875
tcpflags: 1
[RULES]
IN ACCEPT -source +managenet
host2 -
# cat host.fw
[OPTIONS]
enable: 1
nf_conntrack_max: 663500
nf_conntrack_tcp_timeout_established: 7875
log_level_out: nolog
tcpflags: 1
log_level_in: nolog
tcp_flags_log_level: nolog
smurf_log_level: nolog
[RULES]
IN ACCEPT -source +managenet
100.fw, 103.fw on host1
# cat 100.fw
[OPTIONS]
enable: 1
[RULES]
IN ACCEPT -source +managenet
# cat 103.fw
[OPTIONS]
enable: 1
log_level_in: nolog
[RULES]
GROUP webserver
IN ACCEPT -source +managenet
102.fw on host2
# cat 102.fw
[OPTIONS]
log_level_in: nolog
enable: 1
policy_in: DROP
log_level_out: nolog
[RULES]
GROUP webserver
IN ACCEPT -source +managenet
# cat cluster.fw
[OPTIONS]
enable: 1
[IPSET managenet]
10.0.0.0/8
172.16.0.0/16
192.168.0.0/16
x.x.x.x
#many ip for management use#
n.n.n.n
[RULES]
IN ACCEPT -source +managenet
[group webserver]
IN HTTP(ACCEPT)
IN HTTPS(ACCEPT)
# pveversion -v
proxmox-ve-2.6.32: 3.2-132 (running kernel: 2.6.32-31-pve)
pve-manager: 3.2-18 (running version: 3.2-18/e157399a)
pve-kernel-2.6.32-31-pve: 2.6.32-132
lvm2: 2.02.98-pve4
clvm: 2.02.98-pve4
corosync-pve: 1.4.7-1
openais-pve: 1.1.4-3
libqb0: 0.11.1-2
redhat-cluster-pve: 3.2.0-2
resource-agents-pve: 3.9.2-4
fence-agents-pve: 4.0.10-1
pve-cluster: 3.0-14
qemu-server: 3.1-28
pve-firmware: 1.1-3
libpve-common-perl: 3.0-19
libpve-access-control: 3.0-15
libpve-storage-perl: 3.0-21
pve-libspice-server1: 0.12.4-3
vncterm: 1.1-7
vzctl: 4.0-1pve6
vzprocps: 2.0.11-2
vzquota: 3.1-2
pve-qemu-kvm: 2.1-1
ksm-control-daemon: 1.1-1
glusterfs-client: 3.4.2-1